package com.example.spring_project.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //csrf:跨站请求伪造
    @Override
    protected void configure(HttpSecurity http) throws Exception { // 配置安全策略
        http.csrf().disable() // 禁用csrf,否则无法登陆
                .authorizeRequests() // 授权配置
                .anyRequest().permitAll(); // 所有请求都可以访问
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder(); // 使用BCrypt加密
    }


}
